patrickfav / armadillo

A shared preference implementation for confidential data in Android. Per default uses AES-GCM, BCrypt and HKDF as cryptographic primitives. Uses the concept of device fingerprinting combined with optional user provided passwords and strong password hashes.
https://favr.dev/opensource/armadillo
Apache License 2.0

Check password during initialisation #24

Closed davidmigloz closed 6 years ago

davidmigloz commented 6 years ago

Currently, if you are using a user-provided password you don't know if the password is correct until you try to decrypt some value and you get an exception. It would be nice to know it when you are getting the Armadillo instance.

We could store some dummy value and try to decrypt it during the initialisation to check that the password is correct. What do you think?

patrickfav commented 6 years ago

That's generally a good idea, but I wouldn't do it automatically since the key stretching might take seconds, which would make the initialization unnecessarily complicated (waiting for a callback or using Observables).

Also, I'm not sure I want to pollute the user encryption data with too much meta data (the user should be able to keep it as clean as possible).

This feature can be trivially implemented by a user; he/she only has to add the dummy value and try to read it after initialization. So I don't want to force users to have this dummy check value if they don't need it (also migration would be a hassle again).

davidmigloz commented 6 years ago

I see your point.

Maybe it could be an additional parameter in the builder and a separate method to check it. So it would be totally optional to use it. Something like:

// Initialise Armadillo
ArmadilloSharedPreferences preferences = Armadillo.create(context, "myCustomPreferences")
        .password(pass, /* support password validation */ true)
        .build();
// Check validity of the password in background
if(preferences.isValidPassword()) {
        ...
} else {
        ....
}
patrickfav commented 6 years ago

I see your use case, a user might want to immediately check if a password is correct for an internal login. We just have to be careful with the magic value key.

I will add a v0.7.0 milestone.
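The mechanism under discussion, as an added example that is not Armadillo's own code: an opt-in check value is encrypted under the password-derived key at setup time, and `isValidPassword()` later attempts to decrypt it. With AES-GCM a wrong key fails authentication (`AEADBadTagException`) rather than yielding garbage, so no plaintext comparison is strictly needed, though one is kept for belt and braces. The example uses a `HashMap` in place of `SharedPreferences`, PBKDF2 in place of the library's BCrypt stretching, and an assumed reserved key name `__armadillo_demo_pw_check__`; the namespaced name illustrates the "careful with the magic value key" point, since the check entry must never collide with a user's own preference keys. It also shows why the check is costly: every call re-runs the full key derivation, which is the reason it should stay optional and run off the main thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PasswordCheckDemo {
    // Assumed, namespaced key name so it cannot collide with a user's own preference keys.
    static final String CHECK_KEY = "__armadillo_demo_pw_check__";
    static final byte[] CHECK_PLAINTEXT = "password-check".getBytes(StandardCharsets.UTF_8);
    static final int GCM_TAG_BITS = 128;
    static final int IV_LEN = 12;
    static final int PBKDF2_ITER = 100_000; // stands in for the library's BCrypt key stretching
    static final SecureRandom RNG = new SecureRandom();

    // In-memory stand-in for SharedPreferences: key -> Base64(iv || ciphertext || tag)
    final Map<String, String> store = new HashMap<>();
    final byte[] salt;

    PasswordCheckDemo(byte[] salt) { this.salt = salt; }

    // Slow, salted key derivation: this is the expensive step the thread warns about.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITER, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // fresh random nonce per encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        byte[] iv = Arrays.copyOfRange(blob, 0, IV_LEN);
        byte[] ct = Arrays.copyOfRange(blob, IV_LEN, blob.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        return c.doFinal(ct); // throws AEADBadTagException if the key is wrong
    }

    // Opt-in: called once with the correct password when the store is first created.
    void installPasswordCheck(char[] password) throws Exception {
        SecretKey key = deriveKey(password, salt);
        store.put(CHECK_KEY, Base64.getEncoder().encodeToString(encrypt(key, CHECK_PLAINTEXT)));
    }

    // The proposed isValidPassword(): true only if the check value decrypts and authenticates.
    // Re-runs the full key stretching, so callers should invoke it off the main thread.
    boolean isValidPassword(char[] password) throws Exception {
        String stored = store.get(CHECK_KEY);
        if (stored == null) {
            throw new IllegalStateException("password validation was not enabled for this store");
        }
        try {
            byte[] pt = decrypt(deriveKey(password, salt), Base64.getDecoder().decode(stored));
            return Arrays.equals(pt, CHECK_PLAINTEXT);
        } catch (AEADBadTagException e) {
            return false; // GCM tag mismatch: wrong key, i.e. wrong password
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        PasswordCheckDemo prefs = new PasswordCheckDemo(salt);
        prefs.installPasswordCheck("correct horse".toCharArray());
        System.out.println("correct password -> " + prefs.isValidPassword("correct horse".toCharArray()));
        System.out.println("wrong password   -> " + prefs.isValidPassword("battery staple".toCharArray()));
    }
}
```

Because the check entry is just one more encrypted value in the same store, a wrong password is distinguishable from a corrupted store only by whether the authentication tag verifies; a store that was never opted in has no check entry at all, which is why the method refuses rather than guessing in that case.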

davidmigloz commented 6 years ago

Exactly, that's the use case I have in mind.

patrickfav commented 6 years ago

PR merged